1. Field of Invention
The present invention relates generally to a system and method for providing computer network services. More specifically, the present invention relates to improving the variety of services offered to users of high speed data access systems, such as asymmetric digital subscriber line (ADSL) systems, and increasing the security involved with providing those services.
2. Background of the Invention
Asymmetric digital subscriber line (ADSL) technology offers significantly higher data rates than conventional modems. With a typical upstream (i.e., from a subscriber) data rate of 256 kilobits per second (Kbps), and a typical downstream (i.e., to the subscriber) data rate of 1.5 megabits per second (Mbps), service providers are able to offer services not possible or practical using traditional modems. These services can provide subscribers with new and more efficient ways of obtaining information and conducting business. It should be noted that even higher data rates than those mentioned above can be achieved with ADSL.
A prior art system 100 using ADSL transport is shown in FIG. 1 in which a user employs Ethernet access locally. Referring to FIG. 1, users using computers 102a and 102b communicate with a network service provider (NSP) 110 using the increased bandwidth offered by ADSL. Computers 102a and 102b communicate through internal or external ADSL termination unit-remotes (ATU-Rs) 104a and 104b respectively. ATU-Rs 104a and 104b convert data from computers 102a and 102b respectively into ATM format and forward the data to a digital subscriber line access multiplexer (DSLAM) 106 using ADSL transport. A single DSLAM, for example, the A1000 DSLAM offered by Alcatel, can terminate 576 loops. Other DSLAMs can terminate different numbers of loops, depending on the apparatus and technology used.
DSLAM 106 terminates the ADSL transport signal, and forwards the data (in ATM format) to a network, e.g., ATM network 108, using DS3 or OC-3 signal transports. DS3 and OC-3 are well-known signal formats for transporting data through ATM network 108. The data is forwarded to NSP 110 by (or through) ATM network 108. Conventionally, ATM network 108 is a wide-area network using fiber optic data communication links. Communication with NSP 110 is done using ATM formatting over SONET, DS3, or DS1 transport.
As illustrated by the protocol stack 112 in FIG. 1, data from user computer 102a is transmitted to ATU-R 104a in Internet Protocol (IP) format using an Ethernet local network. That data is formatted by ATU-R 104a into ATM format for transmission to NSP 110. Data is transmitted from ATU-R 104a to DSLAM 106 using ATM cells. DSLAM 106 switches the ATM cells and directs them to the ATM network 108. On the receiving side, the data is forwarded to NSP 110 using ATM cells over DS1, DS3 or OC-3 links. When the ATM cells reach NSP 110, they are reassembled to form Internet Protocol (IP) packets and distributed to the appropriate server via IP. As illustrated in FIG. 1, a permanent virtual circuit (PVC) 114 is established between user computer 102a and NSP 110 to direct the ATM cells appropriately. As shown in FIG. 1, ATM cells are sent on the PVC established between user computer 102a and NSP 110 (and from NSP 110 to user computer 102a) using the AAL5 protocol.
The term "permanent virtual circuit" (PVC) is ATM terminology for a virtual (logical) connection that has a well-defined origin, a well-defined destination, and a unique identification. A virtual connection converts a physical address corresponding to a physical origin and a physical destination of the connection to a unique connection identification representative of the physical path from the origin to the destination of the connection. ATM cells are injected into a PVC at its origin, and transported over the PVC to the destination. Thus, a PVC is an example of a logical connection from a physical origin to a physical destination of the connection. The actual physical route over which the ATM cells travel can be complex. Using the term PVC reduces the complexity to a virtual concept, which is easier to conceptualize and discuss. ATM and other communication systems are described in more detail in Andrew S. Tanenbaum, Computer Networks, Prentice-Hall (3rd Ed. 1996), which is incorporated by reference herein in its entirety.
System 100 is an example of a conventional single PVC system. Conventional single PVC systems suffer from at least one serious drawback. Such systems use a dedicated PVC between the user and the NSP. However, other NSPs can be attached to ATM network 108. For example, Internet Service Providers (ISPs), corporate networks and campus networks can be attached. Because the PVC is dedicated to a specific NSP, it is difficult for a subscriber to choose between different NSPs. To do so, the subscriber must call the ADSL service provider, e.g., a telephone company or NSP, and have the PVC dedicated to a different NSP. This is time consuming, costly and inconvenient for the subscriber, the telephone company and the service provider.
Thus, the conventional architecture severely limits the subscriber's choice of NSPs as well as the subscriber's choice of the services the NSPs provide. Users desiring services only offered by one NSP, as well as other services offered by another NSP, are not able to get both sets of services using system 100 unless the NSPs have a tunneling agreement (described below) in place. Moreover, because NSPs must offer virtually all services that a particular subscriber desires, they are less able to offer specialized services more tailored to specific subscribers' needs, and for which they may have particular expertise.
One solution to this problem has been the use of tunneling arrangements. Through tunneling arrangements, NSPs reach agreements so that a user of one NSP's services can have access to another NSP's services through the first NSP. This solution is not optimal for a number of reasons. For example, the freedom that users have to choose a particular NSP is limited to those having tunneling arrangements in place. In addition, the burden on the first NSP's system, when there are many users trying to tunnel to other NSPs, can degrade the performance of the first NSP's system.
A more robust solution to the problem is to add a service gateway 202 as shown in system 200 in FIG. 2. Referring to FIG. 2, system 200 has essentially the same structure as that of system 100 with the addition of service gateway 202 and optional proxy AAA system 204. Service gateway 202 and proxy AAA system 204 allow users to select any of the NSPs, for example, NSP 110, NSP 206 or NSP 208 to obtain computer network services.
Service gateway 202 performs a second desirable function. It aggregates all the users desiring to communicate with a particular NSP onto a single PVC pipe. The single pipe carries all the data to or from the NSP. This is important because many ATM devices (including ATM switches and NSP routers) do not have sufficient ports to support large numbers of ATM PVCs. This aggregation decreases the complexity on the NSPs' routers, lessens the burden on personnel and systems responsible for configuring, maintaining and monitoring the ATM connections, and allows NSPs to request the type of ATM pipe, or pipes, that best meet their need to balance cost and quality of service (QoS). The details of provisioning and session management for this architecture are described in K. R. Frank, et al., "Fast Access ADSL Architecture Description," TM-ATSEC-01-98-084, which is incorporated by reference herein in its entirety.
The protocol stacks described above with respect to system 100 are also used in system 200, except that some changes are made at service gateway 202 to accept and evaluate the address (i.e., which NSP) to which to route the session. Further, service gateway 202 performs IP forwarding to send the message to the correct NSP as chosen by the user. Thus, service gateway 202 puts the data into the correct pipe so that it is sent to the correct NSP.
Specifically, to implement system 200, a new protocol layer is added between service gateway 202 and ATU-Rs 104a and 104b. An example additional layer is the Point-to-Point Protocol (PPP) as illustrated in FIG. 2. The PPP protocol provides a mechanism for the user's computer to deliver the address of the desired NSP to service gateway 202 so that service gateway 202 can complete the routing to that NSP. The following description is of the PPP-Terminated Architecture (PTA) described in ADSL Forum Document 98-017, which is hereby incorporated by reference in its entirety. The L2TP Access Architecture (LAA) can also be supported by service gateway 202, but is not discussed in detail here. LAA is described in more detail in ADSL Forum Document 98-017.
As illustrated in FIG. 2, a PVC 211 is established between computer 102b and service gateway 202. Routing information (e.g., the name of the desired NSP) is transmitted to service gateway 202 from user computer 102b. Service gateway 202 uses the routing information to establish a session with the desired NSP over the PVC between service gateway 202 and the desired NSP. Such PVCs include PVC 212, PVC 214 and PVC 216, which are logical connections with NSPs 110, 206 and 208 respectively. Note that PVCs 212, 214 and 216 are used to carry all communication intended for the corresponding NSP. These sessions are established using well-known communication protocols. See, for example, protocol stack 203 shown in FIG. 2.
To perform the dynamic user-NSP relationships allowed by the addition of service gateway 202, information must be set up in service gateway 202. For example, it must contain addresses for the NSPs to establish communication sessions with the NSPs. Service gateway 202 routes traffic to the selected NSP. All data to or from each specific NSP goes through a single pipe (the PVC connection) established for that NSP.
To verify a user""s authorization to use the services offered by a particular NSP, a proxy AAA system 204 is added to system 200. Proxy AAA system 204 is preferably another computer which communicates with NSPs to relay authentication and authorization information to NSPs.
Conventionally, service gateway 202 collects authentication and authorization information, and the desired NSP, from the user""s computer 102b in the original PPP message. Service gateway 202 passes this information on to proxy AAA system 204. Proxy AAA system 204 then relays that information to the appropriate NSP, using a protocol such as the well-known RADIUS protocol. When the NSP verifies that the user is authentic, proxy AAA system 204 sends a message to service gateway 202 instructing it to add the user""s data to the pipe carrying that NSP""s data. Further details of this authentication process can be found by referring to the PPP Terminated Architecture (PTA) architecture described in ADSL Forum 98-017, xe2x80x9cCore network Architectures for ADSL Access Systems,xe2x80x9d March 1998, which is incorporated by reference herein in its entirety. Note that the service gateway can relay authorization and authentication information via direct connection with the NSP without the proxy AAA server, i.e., the proxy AAA server is not used.
One method for a user to select a particular NSP is by providing its name in the original PPP information. For example, a user may supply the address message USER@NSPxxx.com. This message instructs the service gateway to establish communication between the user and NSPxxx's network NSPxxx.com. Service gateway 202 converts the address to a proper network address using a routing table. Such routing tables are well-known to those skilled in the art. They contain entries corresponding to various destinations with which service gateway 202 communicates. Each entry contains, among other things, a subnet address, a mask, and an IP address.
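The following is an added example, not code from the patent or from any product it cites, showing in Python how a service gateway could turn a PPP login of the form USER@NSPxxx.com into the next hop for that NSP's aggregated pipe using a routing table of subnet, mask and IP address entries. The realm names, subnets and addresses are constructed sample values, and the mapping from realm to network address (REALM_TO_NETWORK) is an assumption about how the gateway derives the destination from the login. The defensive point it illustrates is that an unknown realm must not fall through to the default route, since the realm is chosen by the user.

```python
# Added example, not from the patent: toy model of a service gateway resolving
# USER@realm to a next-hop address via a routing table. All values below are
# constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class RouteEntry:
    """One routing-table entry: subnet address, mask and next-hop IP address."""
    subnet: str
    mask: str
    next_hop: str


# Hypothetical mapping from the realm part of the login to the network address
# of that NSP (an assumption about how the gateway derives the destination).
REALM_TO_NETWORK = {
    "nspxxx.com": "10.1.0.0",
    "nspyyy.net": "10.2.0.0",
}

# Constructed routing table; the last entry is a default route.
ROUTING_TABLE: List[RouteEntry] = [
    RouteEntry("10.1.0.0", "255.255.0.0", "192.0.2.1"),
    RouteEntry("10.2.0.0", "255.255.0.0", "192.0.2.2"),
    RouteEntry("0.0.0.0", "0.0.0.0", "192.0.2.254"),
]


def parse_login(login: str) -> Tuple[str, str]:
    """Split 'user@realm' into (user, realm); exactly one '@' is accepted."""
    if login.count("@") != 1:
        raise ValueError("login must be of the form USER@REALM")
    user, realm = login.split("@")
    if not user or not realm:
        raise ValueError("empty user or realm")
    return user, realm.lower()


def lookup_route(dest: str, table: List[RouteEntry]) -> Optional[RouteEntry]:
    """Longest-prefix match of dest against the (subnet, mask) entries."""
    addr = ipaddress.IPv4Address(dest)
    best: Optional[RouteEntry] = None
    best_len = -1
    for entry in table:
        net = ipaddress.IPv4Network((entry.subnet, entry.mask))
        if addr in net and net.prefixlen > best_len:
            best, best_len = entry, net.prefixlen
    return best


def resolve_next_hop(login: str) -> Optional[str]:
    """Return the next-hop address for the NSP named in the login, or None.

    An unknown realm returns None instead of matching the default route, so a
    user cannot steer a session to a destination the gateway was never
    provisioned to serve.
    """
    _user, realm = parse_login(login)
    network = REALM_TO_NETWORK.get(realm)
    if network is None:
        return None
    route = lookup_route(network, ROUTING_TABLE)
    return route.next_hop if route else None


if __name__ == "__main__":
    print(resolve_next_hop("alice@NSPxxx.com"))    # 192.0.2.1
    print(resolve_next_hop("bob@unknown.example"))  # None
```

The realm lookup is deliberately a separate step from the longest-prefix match: the match is only ever run on a network address the gateway itself derived from a provisioned realm, never on anything taken directly from the PPP message.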
Service gateway 202 is conventionally configured so that a subscriber can choose a particular service provider without having to incur the expense and delay of contacting the phone company or NSP. Thus, the addition of the service gateway provides the subscriber the freedom to choose service providers in a dynamic way. For example, a subscriber may wish to get email or voicemail messages from a first service provider 110. Subsequently, the subscriber may wish to surf the Internet using another service provider 206. Using the service gateway, the subscriber can choose service provider 110 or 206, as desired. The service gateway manages disconnecting connections and establishing connections to effectuate the subscribers' desires without having to contact the phone company or NSP to reroute established ADSL connections. However, the user cannot communicate with the first and subsequent service providers simultaneously in this prior art approach, because the user has only one PVC.
However, subscribers often would like to have the services of a particular provider available at any time, without having to select that provider and go through the process of logging in each time a service is desired. For example, a subscriber may desire that his email, fax and voicemail provider always be available so that the subscriber is notified of email, fax and voicemail when it arrives. That subscriber may also desire the freedom to select another service provider for other services that subscriber may want, without disconnecting from the initial service provider, for example, access to the Internet.
The following acronyms are used herein and are intended to have their conventional industry meanings:
AAA—Authentication, Authorization and Accounting
AAL5—ATM Adaptation Layer 5
ADSL—Asymmetric Digital Subscriber Line
ATM—Asynchronous Transfer Mode
ATU-R—ADSL Termination Unit-Remote
DSn—Digital Signal n (e.g., DS3 corresponds to Digital Signal 3)
DSLAM—Digital Subscriber Line Access Multiplexer
GUI—Graphical User Interface
IP—Internet Protocol
ISP—Internet Service Provider
LAN—Local Area Network
NSP—Network Service Provider
OC-n—Optical Circuit n (e.g., OC-3 corresponds to Optical Circuit 3)
PPP—Point-to-Point Protocol
PTA—PPP-Terminated Architecture
PVC—Permanent Virtual Circuit
QoS—Quality of Service
SONET—Synchronous Optical Network
SVC—Switched Virtual Circuit
WAN—Wide Area Network
The present invention is a system and method for allowing a user to maintain a continuous logical connection to at least one continuous service provider, while having the option to connect simultaneously to at least one temporary service provider as desired. The continuous service provider provides services to which a user may desire to have continuous access, such as email, voicemail, facsimile (fax), community news, telephone calls and any other continuous services the user wants on a continuous basis. The temporary service provider provides services that the user may want from time to time. For example, the user may want temporary access to the Internet.
In the preferred embodiment of the present invention, a continuous logical connection is established with a particular service provider chosen by the user. This service provider is the user's continuous service provider. The continuous logical connection allows the user to obtain the services of the chosen service provider continuously.
In the preferred embodiment, the continuous logical connection includes a logical connection between the user and a service gateway, and between the service gateway and the continuous service provider. Data is sent to the service gateway, which aggregates all the data destined for the continuous service provider onto a single pipe or stream over which the data is transmitted to and from the service provider. This aggregation of data is part of the IP forwarding function performed by the service gateway. The continuous logical connection remains active for as long as the user's computer is in operation, i.e., powered up, the ATU-R is active and the line remains connected.
When the user chooses to use a temporary service provider, a temporary logical connection is established between the user and the temporary service provider. The end-to-end temporary logical connection between the user and the service provider is taken down once the user logs off the chosen temporary service provider.
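The following is an added example, not code from the patent, modelling in Python the session handling described above: a service gateway keeps one continuous logical connection per user plus any number of temporary ones, aggregates each user's data onto the single pipe for the chosen NSP only after the proxy AAA relay succeeds, tears down a temporary connection on log-off without disturbing the continuous one, and drops everything when the user's computer goes away. The realm names, PVC numbers and credentials are constructed sample values, and proxy_aaa is an in-memory stand-in for the proxy AAA system's RADIUS relay to the NSP.

```python
# Added example, not from the patent: toy session manager for a service gateway
# with continuous and temporary logical connections. All values are constructed.
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set


@dataclass
class NspPipe:
    """The single aggregated PVC toward one NSP and the users currently on it."""
    realm: str
    pvc_id: int
    members: Set[str] = field(default_factory=set)


@dataclass
class UserSessions:
    continuous: Optional[str] = None                   # realm of the continuous provider
    temporary: Set[str] = field(default_factory=set)   # realms of temporary providers


# Stand-in for the NSPs' own user databases (constructed); in the architecture
# described, the proxy AAA system would relay the check to the NSP via RADIUS.
CREDENTIALS: Dict[str, Dict[str, str]] = {
    "home.example": {"alice": "s3cret"},
    "inet.example": {"alice": "other", "bob": "pw"},
}


def proxy_aaa(user: str, realm: str, secret: str) -> bool:
    """Return True only when the NSP for this realm vouches for the user."""
    return CREDENTIALS.get(realm, {}).get(user) == secret


class ServiceGateway:
    def __init__(self, pipes: Dict[str, int], aaa: Callable[[str, str, str], bool]):
        self.pipes = {realm: NspPipe(realm, pvc) for realm, pvc in pipes.items()}
        self.aaa = aaa
        self.sessions: Dict[str, UserSessions] = {}

    def _attach(self, user: str, realm: str, secret: str) -> NspPipe:
        """Authenticate through AAA, then add the user's data to the NSP pipe."""
        pipe = self.pipes.get(realm)
        if pipe is None:
            raise KeyError(f"no pipe provisioned for realm {realm}")
        if not self.aaa(user, realm, secret):
            # Fail closed: nothing is attached and no session state is created.
            raise PermissionError(f"{realm} rejected {user}")
        pipe.members.add(user)
        self.sessions.setdefault(user, UserSessions())
        return pipe

    def connect_continuous(self, user: str, realm: str, secret: str) -> int:
        state = self.sessions.get(user)
        if state is not None and state.continuous is not None:
            raise RuntimeError(f"{user} already has a continuous connection")
        pipe = self._attach(user, realm, secret)
        self.sessions[user].continuous = realm
        return pipe.pvc_id

    def connect_temporary(self, user: str, realm: str, secret: str) -> int:
        pipe = self._attach(user, realm, secret)
        self.sessions[user].temporary.add(realm)
        return pipe.pvc_id

    def logoff_temporary(self, user: str, realm: str) -> None:
        """Take down one temporary connection; the continuous one stays up."""
        state = self.sessions[user]
        state.temporary.discard(realm)
        if state.continuous != realm:          # keep the pipe if it is also the continuous one
            self.pipes[realm].members.discard(user)

    def power_down(self, user: str) -> None:
        """Computer off, ATU-R down or line dropped: every connection goes away."""
        state = self.sessions.pop(user, None)
        if state is None:
            return
        realms = set(state.temporary)
        if state.continuous:
            realms.add(state.continuous)
        for realm in realms:
            self.pipes[realm].members.discard(user)

    def active_pvcs(self, user: str) -> Set[int]:
        """PVC ids carrying this user's data right now."""
        state = self.sessions.get(user)
        if state is None:
            return set()
        realms = set(state.temporary)
        if state.continuous:
            realms.add(state.continuous)
        return {self.pipes[r].pvc_id for r in realms}


if __name__ == "__main__":
    gw = ServiceGateway({"home.example": 100, "inet.example": 200}, proxy_aaa)
    gw.connect_continuous("alice", "home.example", "s3cret")
    gw.connect_temporary("alice", "inet.example", "other")
    print(sorted(gw.active_pvcs("alice")))   # [100, 200]
    gw.logoff_temporary("alice", "inet.example")
    print(sorted(gw.active_pvcs("alice")))   # [100]
```

Two points worth noting in the model: a user is added to an NSP's pipe only after the AAA check returns positively, so a rejected or unknown realm leaves both the pipe membership and the session table untouched; and the continuous and temporary connections are tracked separately, which is what lets a temporary log-off be processed without the continuous provider's pipe being affected.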
In a preferred embodiment of the present invention, the continuous service provider manages and controls all of the equipment necessary to provide the continuous services to the user, including the service gateway, proxy AAA system (if used) and ATM network, to thereby preserve the integrity of the system. In this preferred embodiment, the continuous service provider does not offer traditional real-time Internet access services. As a result, the present invention can increase the security of the system over that of conventional systems, where outside connectivity is often required.
The present invention also allows service providers to specialize the services they provide. For example, some service providers have expertise in providing the services that users want on a continuous basis, while others are better equipped to offer services that users want from time to time. Using the present invention, service providers can choose to develop services that users want continuously, services that users want from time to time, or combinations of these services. The specialization among service providers that is enabled by the present invention is likely to lead to a wider variety of better and more cost effective services to the user.
Accordingly, one object of the present invention is to provide subscribers with continuous access to at least one service provider while simultaneously allowing the subscriber to access the services of other service providers as desired.
Another object of the present invention is to facilitate the addition of "vertical features" into the basic transport service.
Another object of the present invention is to increase the kinds of services currently available to subscribers of high speed data access service providers.
Another object of the present invention is to provide alternative choices for subscribers to efficiently and cost effectively obtain the services they desire.
Another object of the present invention is to provide a continuous secure way for users to get various services, while simultaneously accessing non-secure entities such as the Internet.
These and other objects of the present invention are described in greater detail in the detailed description of the invention, the appended drawings and the attached claims.